FRITZ!Box Services

Internet / Permit Access / FRITZ!Box Services

On the "FRITZ!Box Services" page you can allow access to the FRITZ!Box user interface from the internet and release the storage media of the FRITZ!Box for sharing.

Features of FRITZ!Box Services

  • Access to the FRITZ!Box user interface takes place over HTTPS.
  • Access to the storage media of the FRITZ!Box takes place over HTTPS, TP or FTPS.
  • Access is permitted only for FRITZ!Box users. The FRITZ!Box users must have the corresponding rights. Users are configured in the "System / FRITZ!Box Password" menu. Access is protected by the user name and a password.
  • For access from the internet the FRITZ!Box needs a public address. Configure Dynamic DNS or enable the MyFRITZ! service to obtain a public address for the FRITZ!Box.
    • Set up Dynamic DNS at "Internet / Permit Access /DynDNS".
    • The MyFRITZ! service is enabled at "Internet / MyFRITZ! Account".
  • If you enabled the MyFRITZ! service, the settings you make on this page are automatically adopted in the "Internet / MyFRITZ! Account" menu and are also valid for access from the internet using the MyFRITZ! service.

TCP Port for HTTPS

TCP Port for HTTPS

The TCP port used by the FRITZ!Box for HTTPS is displayed here. Encryption protects access to the FRITZ!Box user interface via HTTPS.

The default HTTPS port is 443.

If the FRITZ!Box is to be accessed at a port other than the default HTTPS port 443, you can change the port number here. Select a port number between 1 and 65535.

If the FRITZ!Box is registered with a MyFRITZ! account, then a different port number was already entered for HTTPS. The port number was assigned randomly.

If the FRITZ!Box does not use the default HTTPS port 443, then the port number must be entered to open the FRITZ!Box user interface. This applies both when the user interface is opened from within the home network and for access from the internet.

Home network address of your FRITZ!Box

The home network address of the FRITZ!Box is the FRITZ!Box's internal IP address. FRITZ!Box can be reached from the home network at this IP address.

The following addresses are displayed here:

  • fritz.box: This is the internal IP address of the FRITZ!Box.
  • The internal IPv4 address.
  • The internal IPv6 address: If you enabled IPv6 in the FRITZ!Box, the internal IPv6 address is displayed here.

If the FRITZ!Box uses an HTTPS port other than the default 443, the port number is appended to the home network address after a colon.

If you want to access the FRITZ!Box via HTTPS from the home network, you must enter one of the displayed addresses. Enter the address exactly as it is displayed here.

Internet Access

Internet access to the FRITZ!Box via HTTPS enabled

This setting allows the FRITZ!Box to be accessed from the internet.

  • FRITZ!Box users who have been granted the right "Access from the internet allowed" can access the FRITZ!Box user interface over HTTPS and view all settings. FRITZ!Box users who also have the "FRITZ!Box settings" right can also change settings in the FRITZ!Box.
  • FRITZ!Box users who have been granted the rights "Access from the internet allowed" and "Access to NAS contents" can access the FRITZ!Box storage media over HTTPS.

Web address of your FRITZ!Box

The web address of the FRITZ!Box is the FRITZ!Box's public IP address. FRITZ!Box can be reached from the internet at this IP address. The public IP address is assigned by the internet service provider.

The IP address can change every time a connection to the internet is established. The connection is cleared automatically by the internet provider every 24 hours. Then a new public IP address is assigned.

The following addresses are displayed here:

  • The MyFRITZ! address: If the FRITZ!Box is registered with a MyFRITZ! account, the MyFRITZ! address is displayed here as well. The MyFRITZ! address is the IP address assigned by the internet provider. The MyFRITZ! address remains constant even when the IP address changes.
  • The dynamic DNS address: If you enabled dynamic DNS in the FRITZ!Box, the dynamic DNS address is displayed here. The dynamic DNS address is the IP address assigned by the internet provider. The Dynamic DNS address remains constant even when the IP address changes.
  • The IP address assigned by the internet provider.
  • The IPv6 address: If you enabled IPv6 in the FRITZ!Box, the public IPv6 address is displayed here.

If the FRITZ!Box uses an HTTPS port other than the default 443, the port number is appended to the web address after a colon.

If you want to access the FRITZ!Box via HTTPS from the internet when you're away from home, you must enter one of the displayed addresses. Enter the address exactly as it is displayed here.

Internet access to your storage media via FTP/FTPS enabled

When this checkbox is enabled, FRITZ!Box users can also access the FRITZ!Box's storage media from the internet via FTP or FTPS. The prerequisite is that the FRITZ!Box users have the rights "Access from the internet allowed" and "Access to NAS contents".

FTP address

The following FTP/FTPS addresses are displayed:

  • DynDNS address: If you enabled DynDNS (dynamic DNS) in the FRITZ!Box, the DynDNS address is also displayed. The DynDNS address is the IP address assigned by the internet provider. The DynDNS address remains constant even when the IP address changes.
  • The IP address assigned by the internet provider.
  • The IPv6 address: If you enabled IPv6 in the FRITZ!Box, the public IPv6 address is displayed here.

If you want to access your storage media over the internet from a remote location via FTP or FTPS, use one of these addresses.

Allow only secure FTP connections (FTPS)

Enable this checkbox if access to the storage media should be granted only over secure FTPS and not over FTP.

Certificate

Certificates allow the authenticity of remote peers to be checked for internet communication.

The FRITZ!Box uses its own SSL certificate.

You can use another certificate instead.

The SSL certificate of the FRITZ!Box

  • It is not issued by any of the common, well known certification authorities.
  • It is not included by default in the certificate administration of browsers.

How a certificate check works

The certificate administration is a list of certificates from trustworthy certification authorities.

When remote peers are accessed, the browser looks in this list for the certificate for the remote peer. Based on this certificate the browser checks to make sure that the remote peer is what it claims to be. When the FRITZ!Box is accessed this means that it checks to make sure that it is accessing the right FRITZ!Box. If the certificate is not included in the list, or if the authenticity of the remote site is not confirmed, the browser issues a certificate warning.

You can avoid the certificate warning by downloading the SSL certificate used by the FRITZ!Box from the FRITZ!Box and importing it to the browser's certificate administration.

If you access the FRITZ!Box from different computers, load the certificate on all of the computers and import it into the certificate administration of all your browsers.

Status

This indicates which certificate the FRITZ!Box is using: its own certificate or another certificate.

The fingerprint of the certificate is also displayed.

Install

Two steps are required to install the certificate for the browser:

  1. Downloading the certificate from the FRITZ!Box
  2. Import the certificate into the certificate administration of the browser.

Download the certificate from the FRITZ!Box

  1. Click "Download Certificate".
  2. Select "Save File".
  3. Click "OK".

The certificate is loaded from the FRITZ!Box to the Download folder of your device.

Import the certificate into the certificate administration of the browser.

For the browser to find the certificate, it must be added to the list of trustworthy certificates. The following section describes how certificates are imported into the certificate administration of several browsers and the Apple OS X operating system.

Microsoft Internet Explorer

Mozilla Firefox

Google Chrome in Windows

Google Chrome in Apple OS X

Apple OS X

User's Own Certificate

If you have your own SSL certificate, which you use in the certificate administration of your browsers, then load it to the FRITZ!Box in order to prevent certificate warnings.

Certificates protected with a password can also be imported.

The certificate must fulfill the following criteria:

  • The certificate and the private key must be in PEM format.
  • The private key must be an RSA key.

Importing the Certificate to the FRITZ!Box

  1. Click the "Browse..." button.
  2. Select the folder and the PEM file.
  3. Click "Open".
  4. If the certificate is protected with a password, enter the password in the "Password" field.
  5. Click "Import...".
The FRITZ!Box uses its own SSL certificate.